Cisco WAN :: C4500 And PAT Limitations?
Oct 29, 2012
We have the following architecture for Internet access:
LAN ---- CISCO-CHASSIS----FIREWALL-----INTERNET
My concern is about PAT, for LAN users Internet access: I would like that PAT is performed by Cisco chassis(in my case, a C4500), not by firewall (which means: local IP addresses for flows from LAN to Internet are all natted with the same public IP address).Are there some drawbacks to this design? I guess there is no problem for classical flows, but what about flows with specific comportment (such as FTP) on Cisco routers?
View 0 Replies
ADVERTISEMENT
Jul 5, 2011
Our cable company installed a new wireless router and gave it a different name so now our HP C4500 wireless printer won't print. I can't find any of the installation stuff (ie CD, etc) to reinstall it.
View 3 Replies
View Related
Aug 20, 2012
we're running 4 c4500 Switches at 2 sites connected to each other via Layer-2 crypto boxes and VPLS in a point-to-multipoint configuration which ist completely transparent (it's more or less like connecting them via a Hub - every switch sees the other 3 ones as neighbors). Our basic configs have udld globally enabled in aggressive mode. I wanted to disable that for the interfaces (routed ports) to the crypto boxes, because I don't want them in ErrDisabled for 5 minutes if there are connectivity problems in the VPLS-cloud (every switch also had 3 UDLD neighbors because of the P2MP configuration). In if-config mode I could do this simply with "udld port disable", but I thougt it would be better to run normal mode (not aggressive) to have the chance to use the UDLD show-commands. So I configured "udld port" for the affected interfaces.
interface GigabitEthernet1/2
udld port
!
[Code].....
View 6 Replies
View Related
Nov 30, 2011
I'm currently running 8.3(2) on my 5520s in an active/standby config. The 5520s have the 2GB RAM upgrade and 256MB flash card. Are there any CPU limitations in going to 8.4? I read the release notes but didn't seen anything about CPU. I heard through the grapevine that a 64-bit processor may be needed. We currently have the Pentium 4 Celeron 2000 MHz CPU.
View 1 Replies
View Related
Oct 10, 2011
I'm trying to use a 5520 to test something but the bandwidth seems pretty low for the product I'm testing over it. Can anyone tell me if there is a bandwidth limitation by default? I'm seeing 1.5mb/s average with spikes to 6mb/s or so. On the ASA5550 I was seeing usage up to 80mb/s.
View 5 Replies
View Related
May 29, 2012
What is the throughput of a 7246 UBR? I have 2 in service and it appears I can only get a maximum of 40Meg .
I am using MC16C card and NPE225 engines each card has approx. 700 customers on it.
If we upgrade to a 7246vxr with NPEG1 and MC28U.
View 0 Replies
View Related
Dec 22, 2012
I am experimenting with a Cisco 871 router. The router has 4 LAN ports and 1WAN port.What are the limitations wrt to the LAN ports when it comes to routing. Is the WAN port the only port that supports routing?
View 5 Replies
View Related
Mar 30, 2013
I've setup a Cisco Secure ACS server 5.1 in VMware ESXi everything seems to be working fine, however under the options for Policy Elements > Authorization and Permissions > Device Administration > Command Sets there is a command called "DenyAllCommands" that was there when i first installed the ACS. Is there any way to remove this? When I try to remove it i get an error that thats it can't be removed or modified. I'm writing a report on the Cisco ACS for university, if this is a limitation of the evaluation licence I will need to reference it. If this is a limitation and provide a link to a cisco page that confirms this.
View 2 Replies
View Related
Apr 27, 2013
we have a RV082 and have the DMZ option enable for a range of IPs within the same subnet of WAN IP and this works great. I have another range of Public IPs from our ISP that is not in the same subnet of the WAN IP and do not see a way on the RV082 to include this 2nd bank of Public IPs in the DMZ. Our ISP internet feed plugs into the RV082 WAN port and we have a switch pulgged into the DMZ port of the RV082 that is used to connect the public devices in the current DMZ. Both banks of Public IPs from our ISP come over via the ISP internet feed plugged into the WAN Port. My question is, if I cannot configure a DMZ rule to allow this 2nd range of Public IPs to "travel" to the RV082 DMZ port.
View 0 Replies
View Related
Mar 21, 2012
We are looking into replacing our current Windows NLB configuration with a SLB solution as NLB creates some nasty multicast traffic.
We are currently curious about the limitations for running SLB without a dedicated ACE Module, will it handle line-rate speed (1 and 10 gbit) with SLB?
Does VSS introduce any limitations for SLB? Any other pitfalls/limitations we should be aware of?
Hardware info: 2x WS-C6509-E in VSS with VS-S720-10G (VS-F6K-PFC3C) running s72033-ipservicesk9_wan-mz.122-33.SXI7
View 1 Replies
View Related
Aug 20, 2012
I have found that there are only few configuration to the Cisco Aironet 600 OEAP. The settings are just for basic configuration for a wireless network when it is in autonomous mode.
A need for a Wireless LAN Controller to perform advance settings.
Also, there are no firmware available in Cisco. No upgrade/downgrade firmware avalaible for download.
View 4 Replies
View Related
Apr 23, 2012
What are the limitations of Net flow v9 support on the 7600 platform for the SR code releases?
I know that Flexible Net flow is only available on newer releases with some newer hardware. Flexible Net flow gives you the ability to provide full support for Netflow v9 as well as IPFIX.
However, the documentation indicates that Net flow v9 is still supported in the SR code. So I am just trying to find out what are the limitations in how Net flow v9 is implemented without "Flexible Net flow". The Cisco TAC was unable to provide me any documentation about this.
View 1 Replies
View Related
Mar 21, 2012
on ACSv5.2...are there any limitations on the number of users that can be imported via CSV file...i.e. will the ACS handle 250,000 internal users for example?
View 1 Replies
View Related
Feb 22, 2013
I have a ASA5505 that i have running asdm 6.4 on it and have tried setting up some DHCP scopes for the interfaces.I have the security plus key.I set up 4 interfaces all with different subnets and all with different DHCP being doled out by the firewall for the time being.Anyway, 3 of the 4 work.I have tried to change interfaces wondering if there was an issue with that phy device.I tried enableing the subnet that would not work first and it didnt matter still would not issue dhcp.the other 3 work fine.Is there a limitation to the amount of scopes that will issue dhcp for an asa5505 ?
View 3 Replies
View Related
Aug 26, 2012
Is there any limitations of network size for an interface in a WLC 5508? Any recomendations of netmask size? Maximum /24, maximun /21?
View 5 Replies
View Related
Jan 29, 2013
with FW 7.4.100.0 a 2500 controller works as anchor controller, now.I have 3 questions.
1) What are the limitations? 15 EoIP tunnel, Clients? something else?
2) Have Cisco a compatibility matrix about Anchor - Foreign Firmware? (Example works 7.4.100.0 anchor with 7.0.x.x foreign?)
3) A controller works only as anchor. A controller version with lowest AP licence is needed. Right?
View 3 Replies
View Related
Nov 17, 2011
Our company is planning to buy one of cisco ASA 55xx series.But there is still one question left about DHCP pool limitations.Here I found some information about licensing for DHCP on ASA 5505: [URL]In other words, we don't have any information about ASA 5510, which contains DCHP pool licensing.
View 9 Replies
View Related
Oct 20, 2011
I wanted to find out how many times can I apply a healthcheck in a single context. I have 50 farms that are using the same port and instead of creating 50 different healthchecks, I want to just create 1 healthcheck for the 50 farms and apply it to each farm. I also need to know if the same limitations (whatever they may be) is the same for the 4710, ACE20 and ACE30.
View 1 Replies
View Related
Sep 20, 2011
I came across this site. I wanted to produce a better incoming ACL at home and work to prevent known bad sites
Here is their list of the Top 10 Global Spammers is out. The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, who knew Korea would be on the rise.
Here is the complete Global Spanner Top Ten List for the first quarter
[URL]
Korea
China
India
Russia
Turkey
Viet Nam
Ukraine
Brazil
Venezuela
Pakistan
When I sort the list, it is over 16k lines of ACL!
My question relates to what performance limits I would find.
Can I actually put that many lines in an ACL?
Will the router choke and do any other work
I have attached the sorted ACL list for you to review
Any of the following router lines will accept a list that large and still run acceptably?
2811
2911
3925
2945
View 1 Replies
View Related
Feb 22, 2011
I recently got a Static IP from my service provider, I'm working from home & configured a FTP server in my PC.
I have to transfer huge files say around 40 GB of data as I'm a Multimedia professional. I was using my web server, before for file transfers but there are lot of limitations to huge transfers.
My client, who is downloading using my Local Server says, it takes 3 mins to download a 9 Mb file, which took 17 sec before, when it was done with the webserver.
Does this have anything to do with my Internet connection speed as my speed is 1 - 2 Mbps. If not is there a possibility to increase my transfer speed ?
View 1 Replies
View Related
Dec 24, 2011
So, using a standard off the shelf UNMANAGED gigabit switch (just a cheapie), I have a scenario that I need to know about before I go and buy a whole lot of equipment.Ok so let's start off and say it's a perfect world and the workstations connect at a full 100 Mb/s and the server connects at 1000 Mb/s.So I'm looking at having say, four or five workstations connected to the gigabit switch (at 100Mb/s) and also a gigabit connection from the switch to the server. In this scenario, taking into account everything I've said above, would each of the workstations get a full 100 Mb/s to the server, or would everything be limited to 100 Mb/s total? I could see potential for the server to only talk to one of the workstations at a time and only at 100 Mb/s, but hopefully all four could communicate to the server simultaneously.
View 3 Replies
View Related
Sep 19, 2011
We have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not?
View 1 Replies
View Related
Jan 2, 2012
I've been reading the documentation for the new 3750v2 switch, and I'm wondering is the IPBase license supports FULL OSPF. The product sheet notes that it supports OSPF in the IPBase license, but then further down the page it notes that for advanced routing functions (EIGRP,OSPF) you need the IPServices license. Are there any limitations to the OSPF process on a 3750v2 with the IPBase license?
View 3 Replies
View Related
Dec 13, 2011
Any limitation on building an etherchannel on the abovementioned linecard, when bundling more than one port on the same card? The 4506 is using a 6L-E supervisor engine 12.2(54)SG1.
If it's done on a 6500 with a WS-X6148-GE-TX linecard it effectivley can only reach 1gb throughput.
View 2 Replies
View Related
Mar 3, 2013
I am bringing up a 3750x and a 2911 to replace a 3745 router with switchport module. I was plannng on moving all the VLAN interfaces off the 3745 onto the 3750x and turning up EIGRP. I discoved the 3750 has the LAN Base license, so I can't run eigrp off of it. My question or worry now is, will the LAN base license prevent the switch from doing interface VLAN routing between the different VLAN's configured on it or will I have keep all the VLAN interfaces on the new router and just have a router on a stick setup?
View 4 Replies
View Related
Aug 8, 2011
My RV016 does not seem to route traffic that does not originate from the subent that it sits on. For example, I have my RV016 on 192.168.1.1 and a gateway to 192.168.2.0/24 is at 192.168.1.2. None of the traffic originating in 192.168.2.0 is routed by the RV016. I have checked the routing tables and ACLs with no luck. I know the traffic is hitting the RV016 because I setup a packet sniffer. The packets just simply die there. Is this a limitation of the RV016 only being assigned to a single class C? Does it also ignore all internal traffic not from that class C even if the ACLs are open?
View 1 Replies
View Related
Jan 2, 2012
Just installed the E3200 and use to have a WRT54G. Wanted the N Band.Noticed two major deficiencies.
1) this device does not have Internet Access Policy option and the Parental Control interface is unbelievably poor?There are very few options to work with in terms of time of day to turn on and off blocking access. (Half hour increments only, not 5 minutes increments that I was use to). The "FROM" Field has AM only and the "TO" filed has PM only. This means if you wish a device to have access pass Midnight, you can't, or if you wish to block beginning in the AM, you can't. Furthermore there are no day selections, just School Night and Weekend Night. What if you just want to block school Night. You can't "turn off" weekend. Is there a way to gett full Internet Access firmware into this device.
2) When using Parental Control the devices to restrict access are only displayed by default names. I have 8 devices on the LAN and half of them say Network Device. Any way to identify them by a device name or MAC ID?
View 9 Replies
View Related
Jan 3, 2012
I have a Fiber to Ethernet connector from my ISP. The Ethernet cable goes to an iSP issued Zyxel router. Into this router the landline phoneservice connects to give us VoIP landline service (which is cheaper). An Ethernet cable goes from the Internet port on the E4200 to a LAN port on the Zyxel router. That works great but I had to put the E4200 into Bridge Mode to get it to connect to the Internet via the Zyxel router which I need to use the phone services my ISP provides. I bought the E4200 because I wanted to use the dualband functionally and get a 802.11N 5GHz network setup and to give me the ability to block certian websites and services which I knew Cisco/Linksys is famous for - the abillity to control your network.
Well then imagine my surprise when I could not use the Parental Control settings when the router is in Bridge Mode... This was the reason I bought this router over an Apple Airport Exreme. Is there anyway to get it to let me use the Parental Control anyway while in Bridge Mode or a better way for me to connect the router with the rest of my network?
View 3 Replies
View Related
Sep 19, 2011
We have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not?
View 1 Replies
View Related
Jul 20, 2011
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
View 1 Replies
View Related
Aug 22, 2011
We are about to share a 10 MBit ISP connection with 2 others companies, and they are going to split the bill up into 3,3 and 4 Mbit, so we where thinking that we could setup a switch before their and ours router and provide them with a static IP from our ISP. But is it possible to set a bandwidth limit on the ports of a Cisco Catalyst 2960-8TC, so that we can set a limit of 3,3 and 4 on 3 ports.
View 1 Replies
View Related
Dec 3, 2011
I want to PAT my project of WLAN and i attached the document, how I create the Testing Criteria of the said scenarios, PAT document includes WCS 7.0, WLC 5508, MSE 3310, Cisco AP 3502e and ACS 4.2.
View 0 Replies
View Related
Jul 12, 2012
I have cisco ASA5510 firewall using in my network but unable to bolck Url's unwanted. can i block the [URL] on the asa by using regular exp.
View 3 Replies
View Related
